That's a single event. When you scroll through the entries over time, I guess you should also be able to manually check if there is a line that should have matched the if statement. But I guess the milliseconds in the _time (and mytime) fields prevent that match.

Can you try eval mytime=round(_time) and see if you then can get a match between mytime and now-45 or whatever?

At any moment 'mytime' and 'x' are never equal. There is always a gap of a few seconds. x is always ahead by a few seconds. So I did like | eval x = now() -5 and then it gave me some values. Thanks @FrankVI for your assistance.

This didn't work. My num is basically a UNIX time that I'm fetching from the now() function. My comparison is like | eval x=now() | eval y=if(_time=x,sum,null()). If I convert my _time to UNIX time and then perform the comparison, would that work?

It's starting to get a bit confusing to be honest. Can you perhaps add some proper search code examples to your original question post as well as screenshots / copies of what the data looks like (especially the relevant fields)?

Based on your description, the suggestions from @somesoni2 and myself should work, but apparently we are missing something specific from your situation.
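
Added example, not part of any post in this thread: a self-contained search that puts the three comparisons discussed above side by side (exact equality on _time, equality after round(_time), and a tolerance window around the target second). The five events are constructed with makeresults and given a 0.4 s sub-second part; the field names n, exact, rounded and windowed and the 1-second tolerance are assumptions chosen for illustration.

```spl
| makeresults count=5
| streamstats count AS n
| eval _time = now() - n + 0.4
| eval mytime = round(_time)
| eval x = now() - 5
| eval exact = if(_time == x, "match", null())
| eval rounded = if(mytime == x, "match", null())
| eval windowed = if(abs(_time - x) < 1, "match", null())
| table n _time mytime x exact rounded windowed
```

Only the n=5 row fills rounded and windowed, and exact stays empty on every row because of the sub-second part of _time.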